When using federated users in a CRM Online, we encountered an error where accessing the CRM worked fine, but accessing the system using the Outlook client (configuring it) or accessing it via the tablet client did not work. It seems that some additional settings were required on the AD FS server.
We we working with a customer who had set up a CRM Online with federated users to their AD via their AD FS. When accessing this via the web client, it all worked well, but when trying to configure CRM for Outlook we just got an error “An error has occured. Please contact the system administrator”. Our customer’s IT manager started a premier support case as I felt this was most probably a AD FS related issue (there were no problems with the non-federated users).
After a couple of screen sharing sessions we got some great help from Pedro R at Microsoft Support and I learned something new which I thought I’d share with you and that is this;
When using federated users in CRM Online and when using IFD CRM with AD FS you have to enable the Outlook and Tablet authentication to pass through the AD FS, otherwise it is blocked.
There is a Technet article on this which can be found here: https://technet.microsoft.com/en-us/library/hh699726.aspx#BKMK_WS2012R2
I think this is often something that might be overlooked why I thought sharing it with you would be a good idea. Maybe you’ll find it and save yourself some time!
MVP, Founder and CTO at CRM-konsulterna AB
I received a question per email today and as I Work as a Consultant, Selling my time by the hour, while at the same time sharing my knowledge and experience on this blog and in Other places, I thought I might share my general view on how I separate the Community Work from the Work that puts food on my table.
I am a strong believer in the notion that we need to share knowledge with each other to be able to all grow and be stronger. This is why I started the blog, started CRM User Group Sweden, run Techie After Work (with Allan Varcoe and Peter Björkmarker), present at Conferences where I do not get paid for speaking. If we all do this in the Dynamics CRM Community, it will grow large, new people will quickly learn from the more experienced, and our CRM system, will prosper to all our benefit.
|We all have to put food on the table
But, I also have to put food on the table, so when people ask me to help them by contacting me by
email or phone, they do actual ask me as a Consultant and I can and will charge for the time I help out. Typically an agreement, including NDA, is signed so that I can help out in a more direct manner, which of course, is different than somebody asking something general in the comment on a blog post.
So, if you have a question to me, regarding a post, I recommend leaving a comment. Sadly, there are a lot of comment spammers out there, looking for some links to their sites, why I need to moderate all comments, as I respect you as readers and I do not want to waste your time with crap comments and irrelevant links to companies trying to sell training or otherwise.
So, on to the question I got, as it was clearly directed as a comment, will answer it in the form of a blog post instead of an email reply, so that others in the Community can also benefit from it.
“I was reading your blog post on sending emails from a queue (http://gustafwesterlund.blogspot.com/2013/02/sending-emails-from-queue-with-email.html) and had a question. I’m using CRM 2015 and trying to set up a queue for sending and I was wondering if the generic address needs to point to a mailbox on the server or if it can be a distribution list or mail-enabled public folder. I’ve tried setting up an existing distribution list address for the email address, but I get errors because it can’t log on to a mailbox, so I didn’t know if it was possible or if there’s something else I need to do instead.”
It is a good question. It is not obvious why you cannot use one type of email address or Another, but if you refer to the implementation guide (yes, I know, it is a very large document(s) and hard to navigate, but try to find your way around it) you will see that it says that the email address that you indicate in a queue has to be a user mailbox. It cannot be anything else. There are several different ways of logging in to this, the simplest is to set the credentials in the queue, but this will require you to change the password in the queue every time you change it in the AD. I wrote the Synchronization overview chapter in the CRM Field Guide (http://gustafwesterlund.blogspot.se/2015/04/the-crm-2013-field-guide-is-out.html) and I would strongly recommend that you read this or the similar parts in the implementation guide for more detailed information.
MVP, Founder and CTO at CRM-konsulterna AB